Message Authenticator Algorithm

The Message Authenticator Algorithm (MAA) was one of the first cryptographic functions designed for computing a message authentication code (MAC). It takes a 64-bit key and a message of arbitrary length and produces a 32-bit MAC; the design is built entirely from 32-bit word operations so that it could be computed efficiently on the mainframe computers of its time.

History

The MAA was designed in 1983 by Donald Davies and David Clayden at the National Physical Laboratory (United Kingdom) at the request of the UK Bankers Automated Clearing Services (BACS). It was one of the first message authentication code algorithms to gain widespread acceptance.

Development and standardization

The original specification [1] [2] of the MAA was given as a combination of natural language and tables, complemented by two reference implementations, one in C and one in BASIC.

The MAA was adopted by ISO in 1987 and became part of the international standards ISO 8731-2 [3] [4] and ISO 8730, [5] which were intended to secure the authenticity and integrity of wholesale banking transactions.

Attacks

Subsequent cryptanalysis revealed several weaknesses in the MAA, including feasible brute-force attacks, the existence of collision clusters, and key-recovery techniques. [6] [7] [8] [9] For this reason, the MAA was withdrawn from the ISO standards in 2002. [10] Independently of these structural results, a 64-bit key and a 32-bit tag fall far short of what current practice requires of a MAC, so the algorithm is today of historical and pedagogical interest only.
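
The key-recovery and collision results cited above belong to a family of generic attacks on iterated MACs that start from an internal collision, that is, two messages that drive the MAC's chaining state to the same value. [6] [7] The Python program below is an added example, not MAA and not code from the cited papers: it builds a toy iterated MAC with a 32-bit chaining state (a keyed round function made from HMAC-SHA256 truncated to 32 bits, chosen only so the search finishes quickly), finds an internal collision using chosen-message queries, and then forges a valid tag for a message that was never submitted to the MAC. The block size, the round function and the suffix `AMT=1000` are assumptions of the example. MAA itself produces a 32-bit MAC under a 64-bit key; for any iterated MAC without a keyed output transformation, the cost of the collision step grows as roughly 2^(n/2) queries for an n-bit chaining state.

```python
"""Internal-collision forgery against a toy iterated MAC with a 32-bit state.

Added example, not MAA and not code from the cited papers. The toy MAC chains
a 32-bit state through a keyed round function and outputs the final state as
the tag, so two messages that collide on the chaining state also collide on
every common extension. An attacker with chosen-message access to the MAC
finds such a pair after roughly 2**16 queries (birthday bound on a 32-bit
state) and then forges the tag of m2||suffix from the legitimate tag of
m1||suffix, without ever learning the key.
"""
import hashlib
import hmac
import math
import os
import struct

BLOCK = 4          # toy block size in bytes (assumption of the example)
STATE_BITS = 32    # toy chaining-state width; attack cost is ~2**(STATE_BITS/2)


def toy_round(key: bytes, state: int, block: bytes) -> int:
    """Keyed round function: HMAC-SHA256 of (state || block), truncated to 32 bits.

    The weakness shown here is the short chaining state, not HMAC itself."""
    digest = hmac.new(key, struct.pack(">I", state) + block, hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]


def toy_mac(key: bytes, msg: bytes) -> int:
    """Iterated MAC: the tag is the chaining state after the last block.

    Messages must be a whole number of blocks. There is no output
    transformation, which is what makes an internal collision extendable."""
    if len(msg) % BLOCK:
        raise ValueError("message length must be a multiple of BLOCK")
    state = 0
    for i in range(0, len(msg), BLOCK):
        state = toy_round(key, state, msg[i:i + BLOCK])
    return state


def expected_birthday_queries(state_bits: int) -> float:
    """Expected number of chosen-message queries before the first internal collision."""
    return math.sqrt(math.pi / 2 * 2 ** state_bits)


def find_internal_collision(oracle, max_queries: int = 1 << 19):
    """Query the MAC oracle on distinct one-block messages until two tags match.

    Returns (m1, m2, queries_used), or None if max_queries is exhausted; with a
    32-bit state, exhaustion at 2**19 queries is astronomically unlikely."""
    seen = {}
    for i in range(max_queries):
        m = struct.pack(">I", i)
        tag = oracle(m)
        if tag in seen:
            return seen[tag], m, i + 1
        seen[tag] = m
    return None


def forge_via_internal_collision(key: bytes, suffix: bytes = b"AMT=1000") -> dict:
    """Attacker's view: the key is used only inside the oracle closure."""
    queried = set()

    def oracle(m: bytes) -> int:          # the victim tags attacker-chosen messages
        queried.add(m)
        return toy_mac(key, m)

    found = find_internal_collision(oracle)
    if found is None:
        raise RuntimeError("no collision within the query budget")
    m1, m2, queries = found
    legit_tag = oracle(m1 + suffix)       # one more legitimate query, on m1||suffix
    forged = m2 + suffix                  # never queried, yet carries the same tag
    return {
        "m1": m1, "m2": m2, "queries": queries + 1,
        "forged_message": forged, "forged_tag": legit_tag,
        "was_queried": forged in queried,
    }


if __name__ == "__main__":
    k = os.urandom(16)
    r = forge_via_internal_collision(k)
    print(f"collision after {r['queries']} queries "
          f"(expected about {expected_birthday_queries(STATE_BITS):.0f})")
    print("forged tag verifies:", toy_mac(k, r["forged_message"]) == r["forged_tag"])
```

Run as a script, the collision typically appears after some 80,000 queries and the forged tag verifies under the victim's key. Widening the chaining state raises the query count to about 2^(n/2), and a keyed output transformation stops the extension step; the birthday search itself cannot be avoided by any iterated MAC with an n-bit state.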

Formal specifications of the MAA

The MAA has been used as a prominent case study for assessing various formal methods.

In the early 1990s, the NPL developed three formal specifications of the MAA: one in Z, [11] one in LOTOS, [12] and one in VDM. [13] [14] The VDM specification became part of the 1992 revision of ISO 8731-2, [4] and three implementations, in C, Miranda, and Modula-2, were derived by hand from it. [15]

Other formal models of the MAA have been developed since. In 2017, a complete formal specification of the MAA as a large term rewriting system was published, [16] and implementations of the MAA in fifteen different languages were generated automatically from it. In 2018, two further formal specifications of the MAA, one in LOTOS and one in LNT, were published. [17]

References

  1. Davies, Donald W. (1985). "A Message Authenticator Algorithm Suitable for a Mainframe Computer". Advances in Cryptology – Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (CRYPTO'84), Santa Barbara, CA, USA. Lecture Notes in Computer Science. Vol. 196. Springer. pp. 393–400. doi:10.1007/3-540-39568-7_30.
  2. Davies, Donald W.; Clayden, David O. (1988). "The Message Authenticator Algorithm (MAA) and its Implementation" (PDF). NPL Report DITC 109/88. Teddington, Middlesex, UK: National Physical Laboratory.
  3. International Organization for Standardization (1987). International Standard 8731-2. Approved Algorithms for Message Authentication – Part 2: Message Authenticator Algorithm (MAA). Geneva.
  4. International Organization for Standardization (1992). International Standard 8731-2. Approved Algorithms for Message Authentication – Part 2: Message Authenticator Algorithm (MAA). Geneva.
  5. International Organization for Standardization (1990). International Standard 8730. Requirements for Message Authentication (Wholesale). Geneva.
  6. Preneel, Bart; van Oorschot, Paul C. (1996). "On the Security of Two MAC Algorithms". Advances in Cryptology – Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT'96), Saragossa, Spain. Lecture Notes in Computer Science. Vol. 1070. Springer. pp. 19–32. doi:10.1007/3-540-68339-9_3.
  7. Preneel, Bart; van Oorschot, Paul C. (1999). "On the Security of Iterated Message Authentication Codes". IEEE Transactions on Information Theory. 45 (1): 188–199. doi:10.1109/18.746787.
  8. Preneel, Bart; Rijmen, Vincent; van Oorschot, Paul C. (1997). "Security Analysis of the Message Authenticator Algorithm (MAA)". European Transactions on Telecommunications. 8 (5): 455–470. doi:10.1002/ett.4460080504.
  9. Rijmen, Vincent; Preneel, Bart; De Win, Erik (1996). "Key Recovery and Collision Clusters for MAA" (PDF). Proceedings of the 1st International Conference on Security in Communication Networks (SCN'96).
  10. Preneel, Bart (2011). "MAA". Encyclopedia of Cryptography and Security. Springer. pp. 741–742. doi:10.1007/978-1-4419-5906-5_591. ISBN 978-1-4419-5905-8. Retrieved 3 May 2021.
  11. Lai, M. K. F. (1991). "A Formal Interpretation of the MAA Standard in Z". NPL Report DITC 184/91. Teddington, Middlesex, UK: National Physical Laboratory.
  12. Munster, Harold B. (1991). "LOTOS Specification of the MAA Standard, with an Evaluation of LOTOS" (PDF). NPL Report DITC 191/91. Teddington, Middlesex, UK: National Physical Laboratory.
  13. Parkin, Graeme I.; O'Neill, G. (1990). "Specification of the MAA Standard in VDM". NPL Report DITC 160/90. Teddington, Middlesex, UK: National Physical Laboratory.
  14. Parkin, Graeme I.; O'Neill, G. (1991). "Specification of the MAA Standard in VDM". In Prehn, Søren; Toetenel, W. J. (eds.). Formal Software Development – Proceedings (Volume 1) of the 4th International Symposium of VDM Europe (VDM'91), Noordwijkerhout, The Netherlands. Lecture Notes in Computer Science. Vol. 551. Springer. pp. 526–544. doi:10.1007/3-540-54834-3_31.
  15. Lampard, R. P. (1991). "An Implementation of MAA from a VDM Specification". NPL Technical Memorandum DITC 50/91. Teddington, Middlesex, UK: National Physical Laboratory.
  16. Garavel, Hubert; Marsso, Lina (2017). "A Large Term Rewrite System Modelling a Pioneering Cryptographic Algorithm". Proceedings of the 2nd Workshop on Models for Formal Analysis of Real Systems (MARS'17), Uppsala, Sweden. Electronic Proceedings in Theoretical Computer Science. Vol. 244. pp. 129–183. arXiv:1703.06573. doi:10.4204/EPTCS.244.6.
  17. Garavel, Hubert; Marsso, Lina (2018). "Comparative Study of Eight Formal Specifications of the Message Authenticator Algorithm". Proceedings of the 3rd Workshop on Models for Formal Analysis of Real Systems (MARS'18) and 6th International Workshop on Verification and Program Transformation (MARS/VPT 2018), Thessaloniki, Greece. Electronic Proceedings in Theoretical Computer Science. Vol. 268. pp. 41–87. arXiv:1803.10322. doi:10.4204/EPTCS.268.2.